Kr0Emer

**Name of the Vulnerable Software and Affected Versions** jsrsasign versions prior to 11.1.1 **Description** The jsrsasign package contains a flaw related to division by zero. This issue stems from the RSASetPublic/KEYUTIL parsing path within the 'ext/rsa.js' file and the BigInteger.modPowInt reduction logic in 'ext/jsbn.js'. An attacker can exploit this by providing a JSON Web Key (JWK) with a modulus that decodes to zero, causing RSA public-key operations, such as verification and encryption, to produce deterministic zero outputs and conceal “invalid key” errors. **Recommendations** Update jsrsasign to version 11.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** jsrsasign versions prior to 11.1.1 **Description** The jsrsasign package, versions prior to 11.1.1, contains a flaw in the DSA signing implementation, specifically within the `KJUR.crypto.DSA.signWithMessageHash` process. This issue allows an attacker to potentially recover the private key by manipulating the signing process to force `r` or `s` to be zero. The library then emits an invalid signature without retrying, enabling the attacker to solve for `x` and thus recover the private key. **Recommendations** Update jsrsasign to version 11.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** jsrsasign versions prior to 11.1.1 **Description** The software contains a flaw related to incorrect conversion between numeric types when handling negative exponents in the `ext/jsbn2.js` file. This can allow an attacker to force the computation of incorrect modular inverses, potentially breaking signature verification by calling the `modPow` function with a negative exponent. **Recommendations** Update to jsrsasign version 11.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** jsrsasign versions prior to 11.1.1 **Description** The jsrsasign package contains a flaw where the `bnModInverse` function within the `ext/jsbn2.js` file can enter an infinite loop. This occurs when the `BigInteger.modInverse` implementation receives zero or negative inputs, potentially causing a denial-of-service condition by hanging the process. The vulnerable function is `modInverse()`. The issue can be triggered by supplying crafted values such as `modInverse(0, m)` or `modInverse(-1, m)`. **Recommendations** Update to jsrsasign version 11.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** jsrsasign versions 7.0.0 through 11.1.1 **Description** The jsrsasign package is susceptible to an issue involving incomplete comparison with missing factors within the `getRandomBigIntegerZeroToMax` and `getRandomBigIntegerMinToMax` functions located in `src/crypto-1.1.js`. This flaw allows an attacker to potentially recover the private key by exploiting incorrect compareTo checks. These checks accept out-of-range candidates, which biases DSA nonces during signature generation. **Recommendations** Versions 7.0.0 through 11.1.1 are vulnerable and should be updated.

**Name of the Vulnerable Software and Affected Versions** jsrsasign versions prior to 11.1.1 **Description** The software is susceptible to an issue involving improper verification of cryptographic signatures. This occurs due to inadequate validation of domain parameters within the DSA (Digital Signature Algorithm) implementation, specifically in the `KJUR.crypto.DSA.setPublic` function and related X509 verification processes in `src/dsa-2.0.js`. An attacker can exploit this by providing malicious domain parameters, such as setting `g` and `y` to 1 and `r` to 1, which allows the forging of DSA signatures or X.509 certificates that the `X509.verifySignature()` function will incorrectly accept. **Recommendations** Update jsrsasign to version 11.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** sjcl (affected versions not specified) **Description** The software is susceptible to an Improper Verification of Cryptographic Signature issue due to missing point-on-curve validation within the `sjcl.ecc.basicKey.publicKey()` function. An attacker can potentially recover a victim's ECDH private key by sending specifically crafted off-curve public keys and monitoring ECDH outputs. The `dhJavaEc()` function directly returns the raw x-coordinate of the scalar multiplication result without hashing, which creates a plaintext oracle without requiring decryption feedback. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Nome do Software Vulnerável e Versões Afetadas Versões do bn.js anteriores à 5.2.3 Descrição O pacote bn.js é suscetível a um problema de corrupção de estado. A chamada da função `maskn(0)` em qualquer instância BN corrompe o estado interno. Essa corrupção faz com que métodos como `toString()`, `divmod()` e outros entrem em um loop infinito, resultando em um travamento do processo. Recomendações Atualize o bn.js para a versão 5.2.3 ou posterior.